Added support for SSO between cluster nodes.

git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@9318 b35dd754-fafc-0310-a699-88a17e54d16e

Added support for SSO between cluster nodes.
git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@9318 b35dd754-fafc-0310-a699-88a17e54d16e
30e9bb67 · Gaston Dombiak · gato · c731985b · 30e9bb67 · 30e9bb67
Commit 30e9bb67 authored Oct 16, 2007 by Gaston Dombiak Committed by gato Oct 16, 2007
3 changed files
--- a/src/java/org/jivesoftware/openfire/cluster/ClusterManager.java
+++ b/src/java/org/jivesoftware/openfire/cluster/ClusterManager.java
@@ -401,6 +401,23 @@ public class ClusterManager {
        return NodeID.getInstance(clusterMemberID);
    }

+    /**
+     * Returns true if the specified node ID belongs to a known cluster node
+     * of this cluster.
+     *
+     * @param nodeID the ID of the node to verify.
+     * @return true if the specified node ID belongs to a known cluster node
+     *         of this cluster.
+     */
+    public static boolean isClusterMember(byte[] nodeID) {
+        for (ClusterNodeInfo nodeInfo : getNodesInfo()) {
+            if (nodeInfo.getNodeID().equals(nodeID)) {
+                return true;
+            }
+        }
+        return false;
+    }
+
    private static class Event {
        private EventType type;
        private byte[] nodeID;

--- a/src/java/org/jivesoftware/openfire/container/AdminConsolePlugin.java
+++ b/src/java/org/jivesoftware/openfire/container/AdminConsolePlugin.java
@@ -2,7 +2,7 @@
 * $Revision: 3034 $
 * $Date: 2005-11-04 21:02:33 -0300 (Fri, 04 Nov 2005) $
 *
- * Copyright (C) 2004-2006 Jive Software. All rights reserved.
+ * Copyright (C) 2004-2007 Jive Software. All rights reserved.
 *
 * This software is published under the terms of the GNU Public License (GPL),
 * a copy of which is included in this distribution.
@@ -10,9 +10,9 @@

 package org.jivesoftware.openfire.container;

-import org.jivesoftware.util.*;
 import org.jivesoftware.openfire.XMPPServer;
 import org.jivesoftware.openfire.net.SSLConfig;
+import org.jivesoftware.util.*;
 import org.mortbay.jetty.Connector;
 import org.mortbay.jetty.Handler;
 import org.mortbay.jetty.Server;
@@ -22,6 +22,7 @@ import org.mortbay.jetty.nio.SelectChannelConnector;
 import org.mortbay.jetty.security.SslSelectChannelConnector;
 import org.mortbay.jetty.servlet.Context;
 import org.mortbay.jetty.webapp.WebAppContext;
+
 import javax.net.ssl.SSLContext;
 import java.io.File;
 import java.security.KeyStore;
@@ -36,6 +37,12 @@ import java.util.List;
 */
 public class AdminConsolePlugin implements Plugin {

+    /**
+     * Random secret used by JVM to allow SSO. Only other cluster nodes can use this secret
+     * as a way to integrate the admin consoles of each cluster node.
+     */
+    public final static String secret = StringUtils.randomString(64);
+
    private int adminPort;
    private int adminSecurePort;
    private Server adminServer;
@@ -77,13 +84,7 @@ public class AdminConsolePlugin implements Plugin {
        if (adminPort > 0) {
            Connector httpConnector = new SelectChannelConnector();
            // Listen on a specific network interface if it has been set.
-            String interfaceName = JiveGlobals.getXMLProperty("network.interface");
-            String bindInterface = null;
-            if (interfaceName != null) {
-                if (interfaceName.trim().length() > 0) {
-                    bindInterface = interfaceName;
-                }
-            }
+            String bindInterface = getBindInterface();
            httpConnector.setHost(bindInterface);
            httpConnector.setPort(adminPort);
            adminServer.addConnector(httpConnector);
@@ -99,13 +100,7 @@ public class AdminConsolePlugin implements Plugin {
                }
                         
                JiveSslConnector httpsConnector = new JiveSslConnector();
-                String interfaceName = JiveGlobals.getXMLProperty("network.interface");
-                String bindInterface = null;
-                if (interfaceName != null) {
-                    if (interfaceName.trim().length() > 0) {
-                        bindInterface = interfaceName;
-                    }
-                }
+                String bindInterface = getBindInterface();
                httpsConnector.setHost(bindInterface);
                httpsConnector.setPort(adminSecurePort);

@@ -188,6 +183,24 @@ public class AdminConsolePlugin implements Plugin {
        return restartNeeded;
    }

+    /**
+     * Returns <tt>null</tt> if the admin console will be available in all network interfaces of this machine
+     * or a String representing the only interface where the admin console will be available.
+     *
+     * @return String representing the only interface where the admin console will be available or null if it
+     * will be available in all interfaces.
+     */
+    public String getBindInterface() {
+        String interfaceName = JiveGlobals.getXMLProperty("network.interface");
+        String bindInterface = null;
+        if (interfaceName != null) {
+            if (interfaceName.trim().length() > 0) {
+                bindInterface = interfaceName;
+            }
+        }
+        return bindInterface;
+    }
+
    /**
     * Returns the non-SSL port on which the admin console is currently operating.
     *

--- a/src/java/org/jivesoftware/openfire/container/GetAdminConsoleInfoTask.java
+++ b/src/java/org/jivesoftware/openfire/container/GetAdminConsoleInfoTask.java
+/**
+ * $Revision: $
+ * $Date: $
+ *
+ * Copyright (C) 2004-2007 Jive Software. All rights reserved.
+ *
+ * This software is published under the terms of the GNU Public License (GPL),
+ * a copy of which is included in this distribution.
+ */
+
+package org.jivesoftware.openfire.container;
+
+import org.jivesoftware.openfire.XMPPServer;
+import org.jivesoftware.util.cache.ClusterTask;
+import org.jivesoftware.util.cache.ExternalizableUtil;
+
+import java.io.IOException;
+import java.io.ObjectInput;
+import java.io.ObjectOutput;
+import java.net.*;
+import java.util.Collections;
+import java.util.Enumeration;
+
+/**
+ * Task that will return the bind interface and ports being used by the admin
+ * console of the node where the task will be executed. When the admin console
+ * is binded to all network interfaces this task will try to find a valid IP
+ * address that will work for the remote node.<p>
+ *
+ * A <tt>null</tt> bindInterface in the result of this task means that the task
+ * failed to find a valid IP address where the admin console is listening.
+ *
+ * @author Gaston Dombiak
+ */
+public class GetAdminConsoleInfoTask implements ClusterTask {
+    private String bindInterface;
+    private int adminPort;
+    private int adminSecurePort;
+    private String adminSecret;
+
+
+    public Object getResult() {
+        return this;
+    }
+
+    public void run() {
+        PluginManager pluginManager = XMPPServer.getInstance().getPluginManager();
+        AdminConsolePlugin adminConsolePlugin = ((AdminConsolePlugin) pluginManager.getPlugin("admin"));
+
+        bindInterface = adminConsolePlugin.getBindInterface();
+        adminPort = adminConsolePlugin.getAdminUnsecurePort();
+        adminSecurePort = adminConsolePlugin.getAdminSecurePort();
+        adminSecret = AdminConsolePlugin.secret;
+
+        if (bindInterface == null) {
+            Enumeration<NetworkInterface> nets = null;
+            try {
+                nets = NetworkInterface.getNetworkInterfaces();
+            } catch (SocketException e) {
+                // We failed to discover a valid IP address where the admin console is running
+                return;
+            }
+            for (NetworkInterface netInterface : Collections.list(nets)) {
+                Enumeration<InetAddress> addresses = netInterface.getInetAddresses();
+                for (InetAddress address : Collections.list(addresses)) {
+                    if ("127.0.0.1".equals(address.getHostAddress())) {
+                        continue;
+                    }
+                    Socket socket = new Socket();
+                    InetSocketAddress remoteAddress = new InetSocketAddress(address, adminPort > 0 ? adminPort : adminSecurePort);
+                    try {
+                        socket.connect(remoteAddress);
+                        bindInterface = address.getHostAddress();
+                        break;
+                    } catch (IOException e) {
+                        // Ignore this address. Let's hope there is more addresses to validate
+                    }
+                }
+            }
+        }
+    }
+
+    public String getBindInterface() {
+        return bindInterface;
+    }
+
+    public int getAdminPort() {
+        return adminPort;
+    }
+
+    public int getAdminSecurePort() {
+        return adminSecurePort;
+    }
+
+    public String getAdminSecret() {
+        return adminSecret;
+    }
+
+    public void writeExternal(ObjectOutput out) throws IOException {
+        ExternalizableUtil.getInstance().writeInt(out, adminPort);
+        ExternalizableUtil.getInstance().writeInt(out, adminSecurePort);
+        ExternalizableUtil.getInstance().writeBoolean(out, bindInterface != null);
+        if (bindInterface != null) {
+            ExternalizableUtil.getInstance().writeSafeUTF(out, bindInterface);
+        }
+        ExternalizableUtil.getInstance().writeSafeUTF(out, adminSecret);
+    }
+
+    public void readExternal(ObjectInput in) throws IOException, ClassNotFoundException {
+        adminPort = ExternalizableUtil.getInstance().readInt(in);
+        adminSecurePort = ExternalizableUtil.getInstance().readInt(in);
+        if (ExternalizableUtil.getInstance().readBoolean(in)) {
+            bindInterface = ExternalizableUtil.getInstance().readSafeUTF(in);
+        }
+        adminSecret = ExternalizableUtil.getInstance().readSafeUTF(in);
+    }
+
+}